Really? Can you provide some examples of domains that use so many
subdomains for mail that it's impractical to cover the ones they use
individually? (Not counting wildcards, we know that's a swamp.) For
the domains I know, the mail comes from one or a handful of fixed
subdomains, and any random subdomain is bogus.
OK, please provide a list of such domains and we can special-case them.
Any domain with a lot of A records qualifies because you can't tell whether
they're using the subdomain "for mail" or not.
Just so I'm sure I understand you, you're claiming that DNS managers are
without exception so hostile and/or incompetent that they can not set up
ADSP records for the A records they manage. That's not "would prefer not
to", it's "can not". As JD pointed out a few weeks ago, anyone using DKIM
is going to need to manage new DNS records anyway, so if your DNS managers
refuse to install anything, you're screwed no matter what ADSP says.
If you're saying this is the situation where you work, I belive you, but I
know it's not the case everywhere, and one set of uncooperative DNS
managers seems like a poor basis for casting a permanent DNS kludge in
stone.
R's,
John
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html